I am working on a PowerShell script for the Forti-ADC to upload PFX-certificates. The API is working fine and I can GET information with API-calls from the Forti-ADC with PowerShell. The only thing I cannot get to work is uploading a certificate.
Hi BJBee. When using Postman to upload certificate files, I've had to add this HTTP header. Maybe the bash script does it automatically and the PowerShell does not? Content-Type: "multipart/form-data; boundary=--------------------------"
The reason is that the POST consists of both an HTML form with the parameters, and then the binary part being the upload of the actual PFX file.
If you enable HTTP management on ADC, and disable redirect to HTTPS, you can make a packet capture to see what the HTTP request actually looks like, and see if this may be a hint.
I have been struggling to get this to work, but finally did. Below is the script I am using to login and upload the PFX via the API in PowerShell. The important thing to note is the FormDataTemplate section that manually crafts the multipart/form-data body. Also, the encoding for the file is important; I use ISO-8859-1 because it is encoded using a single byte unlike UTF-8 and others. I tried all sorts of ones until I found ISO-8859-1.
You shouldn't have any problems with the above and it should all work; this was built for PowerShell v5 but tested and worked in v7 as well. The spacing between the boundaries is important and probably should not be changed. If you are getting a payload -2001 or payload multipart upload fail, then the formatting of the multipart body is wrong and has an extra newline, space, etc. If you are getting a payload -167 then that means it can't decrypt and use the PFX, so that means the encoding on the file is wrong or the password is incorrect. At least this is what I found those errors to mean. I don't know what the official meaning is; it would be nice if the documentation was a little more robust for things like that.
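One way to hand-build the multipart/form-data body described above and keep the PFX bytes intact through ISO-8859-1, as an added example that is not the poster's script or Fortinet's code. The form field names, the file name and the upload URI are placeholders, not FortiADC's documented values, and the sample bytes are constructed.

```powershell
# Added example. Field names, file name and URI are placeholders,
# not FortiADC's documented API values.
function New-PfxMultipartBody {
    param(
        [Parameter(Mandatory)][byte[]]$PfxBytes,
        [Parameter(Mandatory)][string]$FileName,
        [System.Collections.IDictionary]$Fields = @{},  # text form fields
        [string]$FileField = 'file'                     # placeholder name
    )
    $latin1   = [System.Text.Encoding]::GetEncoding('ISO-8859-1')
    $boundary = [guid]::NewGuid().ToString('N')
    $crlf     = "`r`n"
    $sb       = [System.Text.StringBuilder]::new()
    foreach ($name in $Fields.Keys) {
        [void]$sb.Append("--$boundary$crlf")
        [void]$sb.Append("Content-Disposition: form-data; name=`"$name`"$crlf$crlf")
        [void]$sb.Append("$($Fields[$name])$crlf")
    }
    [void]$sb.Append("--$boundary$crlf")
    [void]$sb.Append("Content-Disposition: form-data; name=`"$FileField`"; filename=`"$FileName`"$crlf")
    [void]$sb.Append("Content-Type: application/x-pkcs12$crlf$crlf")
    # ISO-8859-1 maps bytes 0x00-0xFF one-to-one onto U+0000-U+00FF,
    # so the binary PFX survives the trip through a .NET string.
    [void]$sb.Append($latin1.GetString($PfxBytes))
    [void]$sb.Append("$crlf--$boundary--$crlf")
    [pscustomobject]@{
        ContentType = "multipart/form-data; boundary=$boundary"
        Bytes       = $latin1.GetBytes($sb.ToString())   # exact wire bytes
    }
}

# Constructed stand-in for PFX content: every byte value once.
$sample = [byte[]](0..255)
$body   = New-PfxMultipartBody -PfxBytes $sample -FileName 'example.pfx' `
              -Fields ([ordered]@{ passwd = 'placeholder' })

# Round-trip check: ISO-8859-1 preserves the bytes, UTF-8 does not.
$latin1 = [System.Text.Encoding]::GetEncoding('ISO-8859-1')
$asText = $latin1.GetString($sample)
$okL1   = [Convert]::ToBase64String($latin1.GetBytes($asText)) -eq [Convert]::ToBase64String($sample)
$utf8   = [System.Text.Encoding]::UTF8.GetBytes($asText).Length
"ISO-8859-1 round trip intact: $okL1; UTF-8 would send $utf8 bytes for $($sample.Length)"

# Send the raw bytes so no second text encoding is applied
# ($UploadUri and $session are placeholders for your own values):
# Invoke-RestMethod -Uri $UploadUri -Method Post -WebSession $session `
#     -ContentType $body.ContentType -Body $body.Bytes
```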